Policy privacy

come back to homepage

Privacy policy

CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY

Introduction

It undertakes to ensure that the processing of personal data carried out on Groupe Y Nexia Foreign Desk complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act. This data protection policy applies to the processing of data carried out via the Groupe Y Nexia Foreign Desk. It informs you of the purpose(s) of the processing carried out, the legal basis for the processing, the recipients of the data as well as their retention period, the security measures (general description), the possible existence of data transfers outside the European Union or automated decision-making, the use and management of cookies, your rights to information technology and civil liberties and how to exercise them.

Who is responsible for data processing on this website?
The company Groupe Y Management – 53 rue des Marais RCS 18421 – 79024 NIORT Cedex is responsible for data processing on the Groupe Y Nexia Foreign Desk website. For more information, see the legal notice.

Does this site collect personal data?
According to article 4.1 of the GDPR, personal data is any information that enables you to be identified either directly or indirectly. This site collects personal data via its various contact forms and through the use of cookies (to find out more about cookies, see the cookies policy). Personal data is freely communicated to the Groupe Y Nexia by the persons concerned by consenting to the processing and by taking note of the information displayed under the various contact forms. The data collected is appropriate, useful, necessary and limited to the strict minimum. This includes identification data (surname, first name), professional data (company) and connection data (e-mail address).

What are the purposes of data collection?
Personal data collected via the various contact forms on the website are processed for the following purposes:

  • Answer questions about our offers
  • Make an appointment
  • Submit a call for tenders
  • Respond to all your requests and manage your relationship with Groupe Y Nexia
  • Carry out all management activities related to your contract
  • Receive and process your requests relating to your rights under the GDPR and the Data Protection Act.

What is the legal basis for the processing carried out by this site?
The processing of your personal data by the Groupe Y Nexia is based on :

  • Or on the basis of your consent in all cases where you yourself entrust your personal data. Your consent can of course be withdrawn at any time.
  • Or on the execution of contractual or pre-contractual measures in the context of your request for a quote and the commercial relationship that may ensue.
  • Or to comply with a legal obligation, particularly in terms of exercising your rights under the GDPR and the Data Protection Act.
  • Or its legitimate interest in protecting its documents and information.


Who are the recipients of the data processed by this site?
Your personal data is primarily intended for the Groupe Y Nexia, the site publisher and data controller. It is processed by the staff of the various departments concerned by your requests, such as the sales department and the personal data protection department. It is processed solely for the purposes indicated above. Your personal data may be processed from time to time by subcontractors of the Groupe Y Nexia (within the meaning of article 4.8 of the GDPR) in a strictly controlled manner. It is never communicated to third parties for commercial purposes.

Is personal data transferred outside the European Union?
To enable the provision of its services and products, Y Nexia Group may transfer personal data outside the European Economic Area (EEA). When we do so, we expect our service providers to commit to implementing high standards of data protection through recognised European standards or specific contractual obligations to ensure the protection of your rights. To secure this type of transfer, Groupe Y Nexia, for example :

  • chooses service providers outside the EEA located in a country with an adequate level of personal data protection as recognised by the European Commission, or
  • if the service provider is not located in a country offering an adequate level of protection, and unless Nexia Y Group is unable to benefit from the exemptions provided for by the applicable texts, Groupe Y Nexia will secure such transfers by :
    • the conclusion of standard contractual clauses recognised by the European Commission, or
    • using a service provider that has adopted binding rules recognised by the European supervisory authorities.

To obtain a copy of these measures or to find out where they are available, you can send a written request to the Data Protection Officer at the following address, or by post to the following address Groupe Y Management – 53 rue des Marais RCS 18421 – 79024 NIORT Cedex – France

How long is personal data processed by this site kept?
Groupe Y Nexia ensures that data is only kept in a form that allows identification of the persons concerned for as long as is necessary for the purposes for which it is processed. The retention periods we apply to your personal data are proportionate to the purposes for which they were collected. Groupe Y Nexia organises its data retention policy as follows:

Data and purposes Storage life
Personal data processed for the purposes of managing a contract. The entire duration of the contractual relationship up to the balance 0, plus the duration of any legal requirements.
Data processed as part of litigation management. Duration of the proceedings until the action to enforce a final court decision is time-barred.
Personal data processed for pre-contractual purposes, without the actual conclusion of a contract. Simulation: 3 years after the simulation date.
Prospect exchange. 3 years from the date of collection or the last incoming contact from the prospect.
Data protection rights management. Processing time for simple applications: 1 month Processing time for complex applications: 3 months
Cookies. 13 months maximum depending on the Cookie (For more information see the Cookies policy)
Management of consent to e-mail prospecting. Until consent is withdrawn, plus the limitation period.
Management of objections to commercial prospecting or processing. Duration of the objection.

 

What are the rights of persons affected by the processing carried out by this site?

You can visit our website without having to identify yourself or provide any personal information about yourself. However, you can ask us to contact you using a specific form. We collect the individual data that you provide to us as part of the contact form, as well as in the e-mails that you send to us. In accordance with the General Regulation on the Protection of Personal Data (GPRD) which came into force on 25 May 2018 and by LAW no. 2018-493 of 20 June 2018 relating to the protection of personal data known as LIL3 and Order no. 2018-1125 of 12 December 2018 taken in application of Article 32 of Law no. 2018-493 of 20 June 2018 relating to the protection of personal data and amending Law no. 78-17 of 6 January 1978 relating to information technology, files and freedoms, you have the following rights:

  • access to your personal data and information concerning them;
  • rectification, deletion and portability of your personal data;
  • to limit or object to the processing of your personal data;
  • to withdraw your consent.

You also have the right (where applicable) to formulate general or specific directives relating to the conservation, deletion and communication of your personal data after your death or the right to be forgotten.

How can I draw up post-mortem instructions?
You have the possibility of defining specific directives relating to the conservation, deletion and communication of your personal data after your death with our services according to the methods defined below. These specific instructions will only concern the processing carried out by us and will be limited to this area. These directives may be registered with a trusted digital third party, certified by the CNIL and responsible for ensuring that your wishes are respected in accordance with the requirements of the applicable regulations on the protection of personal data.

How can I exercise my rights under the RGPD and the Data Protection Act?
Your requests can be made in different ways:

  • Via the Y Nexia Group website using this link
  • By e-mail to the following address
  • By post by writing to Groupe Y Management- 53 rue des Marais RCS 18421 – 79024 NIORT Cedex
  • Through a representative who will use one of the above channels to make the request.

Please make each of your requests by one of the above means, enclosing a copy of your identity card or any other means of establishing your identity.

For a request for right of access: Please specify in your request which data or which processing operations it concerns. Your data will be sent to you electronically or by post, by recorded delivery with acknowledgement of receipt. Groupe Y Nexia may require payment of a reasonable fee based on administrative costs for any additional copies requested (Article 15.3 of the GDRP). In the event of manifestly unfounded or excessive requests, Groupe Y Nexia may require the payment of reasonable charges which take into account the administrative costs incurred in providing the information or refuse to comply with such requests (article 12.5 of the RGPD).

For a request for the right of rectification: If you believe that information concerning you is incorrect and should be rectified, please indicate precisely which data concerning you is inaccurate or incomplete, and provide any information enabling it to be corrected or completed (article 15 of the RGPD).

For a request for the right to erasure: Please indicate precisely the data concerning you that you are requesting to be deleted, and the reasons for your request (Article 17 of the RGPD). Please note: this right is not absolute. Groupe Y Nexia may be obliged to retain information about you, in particular for the purposes of managing the commercial relationship (invoice management, dispute management) and for the purposes of documentation and providing evidence relating to the exercise of your rights.

For a request to restrict processing: Please indicate precisely the data concerning you whose processing you are requesting to be restricted, and the reasons for your request. Please note: this right is not absolute; Groupe Y Nexia may decide to continue processing your data (Article 18.3 of the RGPD). Limitation, if implemented, may result in the suspension of services provided by Groupe Y Nexia (access to work and deliverables, receipt of information, etc.). These consequences will be described to you in the letter acknowledging receipt of your request to limit processing.

For a request for the right to object: Please indicate precisely the data processing concerning you to which you wish to object, and the reasons for your request. Please note: this right is not absolute. Please indicate precisely the processing for which you object to the management of your personal data, and the reasons for your request (article 21 of the RGPD).

For a request for the right to data portability: Each user may at any time make a request for data portability in order to recover the personal data that the Nexia Y Group has collected about them in the context of processing based on consent and on the basis of a contract. If you would like the data to be transferred to another data controller in a standard format, please specify this and provide the contact details of this other data controller.

How can I contact the DPO? You can contact the DPO of Groupe Y Nexia by e-mail at the following address or by post by sending your letter to the following address: Groupe Y Management – 53 rue des Marais RCS 18421 – 79024 NIORT Cedex – Data Protection Officer.

Your right to lodge a complaint You have the right to lodge a complaint with a data protection supervisory authority if you believe that your personal data has been processed unlawfully. The right to lodge such a complaint is without prejudice to other administrative or judicial remedies. The competent data protection supervisory authority in France is the Commission Nationale de l’Informatique et des Libertés. You can contact it at

  • via its website
  • by post to the following address Commission Nationale de l’Informatique et des Libertés 3, place de Fontenoy 75007, Paris
  • By telephone on 01 53 73 22 22